Want NTP on your IDS?

Hello everyone! Below you will find my generic howto on how to add NTP service to your Cisco IDS. Obviously Cisco doesn't "support" this configuration but it is very simple so it shouldn't cause any problems. The NTP update service is already installed on the OS so this process is very simple.

1.) SSH/Telnet into your IDS and login as root.

2.) Unless you are familiar with the ed editor, excute these commands so that you don't frustrate yourself. "EDITOR=/usr/bin/vi" then "export EDITOR". Now vi will be your default editor.

3.) Type "crontab -l". This will list your current crontab, I suggest you make a backup of this unless you are good with vi. :)

Re: Want NTP on your IDS?

Bryan,

Thanks for the information - excellent instructions. How would you recommend someone "confirm" their sensor is being properly updated via NTP? I have limited experience with Solaris. I presume there might be something from the command prompt which would indicate the system's source of time?

Re: Want NTP on your IDS?

Yes, I agree that editing the ntp.conf file will probably achieve the same task. The only problem I see is that the xntpd daemon is ALWAYS running and using up system resources, in addition to whatever security risks associated with keeping this process going. I still believe a simple cronjob running the ntp update is a better all around solution, I guess the point could be argued either way. :)

We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...
view more